-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Nov 12, 2025 Vulnerability / Patch Tuesday
Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three denial-of-service (DoS), two security feature bypass, and two spoofing bugs. The patches are in addition to the 27 vulnerabilities the Windows maker addressed in its Chromium-based Edge browser since the release of October 2025's Patch Tuesday update. The zero-day vulnerability that has been listed as exploited in Tuesday's update is CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the issue. "Concurre...
Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy

Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy

Nov 12, 2025 Artificial Intelligence / Encryption
Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has built Private AI Compute to "unlock the full speed and power of Gemini cloud models for AI experiences, while ensuring your personal data stays private to you and is not accessible to anyone else, not even Google." Private AI Compute has been described as a "secure, fortified space" for processing sensitive user data in a manner that's analogous to on-device processing but with extended AI capabilities. It's powered by Trillium Tensor Processing Units (TPUs) and Titanium Intelligence Enclaves (TIE), allowing the company to use its frontier models without sacrificing on security and privacy. In other words, the privacy infrastructure is designed to take advantage of the computational speed and power of the cloud while retaining the security and privacy assuran...
WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks

WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks

Nov 11, 2025 Malware / Botnet
Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking applications. More importantly, both include the ability to spread through WhatsApp Web . Maverick was first documented by Trend Micro early last month, attributing it to a threat actor dubbed Water Saci . The campaign involves two components: A self-propagating malware referred to as SORVEPOTEL that's spread via the desktop web version of WhatsApp and is used to deliver a ZIP archive containing the Maverick payload. The malware is designed to monitor active browser window tabs for URLs that match a hard-coded list of financial institutions in Latin America. Should the URLs match, it establishes con...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

Nov 11, 2025 Malware / Network Security
The malware known as GootLoader has resurfaced yet again after a brief spike in activity earlier this March, according to new findings from Huntress. The cybersecurity company said it observed three GootLoader infections since October 27, 2025, out of which two resulted in hands-on keyboard intrusions with domain controller compromise taking place within 17 hours of initial infection. "GootLoader is back and now leveraging custom WOFF2 fonts with glyph substitution to obfuscate filenames," security researcher Anna Pham said , adding the malware "exploits WordPress comment endpoints to deliver XOR-encrypted ZIP payloads with unique keys per file." GootLoader, affiliated with a threat actor tracked as Hive0127 (aka UNC2565), is a JavaScript-based malware loader that's often distributed via search engine optimization (SEO) poisoning tactics to deliver additional payloads, including ransomware. In a report published last September, Microsoft revealed the th...
CISO's Expert Guide To AI Supply Chain Attacks

CISO's Expert Guide To AI Supply Chain Attacks

Nov 11, 2025 AI Security / Regulatory Compliance
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here .  TL;DR AI-enabled supply chain attacks are exploding in scale and sophistication - Malicious package uploads to open-source repositories jumped 156% in the past year . AI-generated malware has game-changing characteristics - It's polymorphic by default, context-aware, semantically camouflaged, and temporally evasive. Real attacks are already happening - From the 3CX breach affecting 600,000 companies to NullBulge attacks weaponizing Hugging Face and GitHub repositories. Detection times have dramatically increased - IBM's 2025 report shows breaches take an average of 276 days to identify, with AI-assisted attacks potentially extending this window. Traditional security tools are struggling - Static analysis and signature-based detec...
Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Nov 11, 2025 Software Supply Chain / Malware
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " @actions/artifact " package with the intent to target GitHub-owned repositories. "We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish new malicious artifacts as GitHub," Veracode said in an analysis. The cybersecurity company said it observed six versions of the package – from 4.0.12 to 4.0.17 – that incorporated a post-install hook to download and run malware. That said, the latest version available for download from npm is 4.0.10, indicating that the threat actor behind the package, blakesdev , has removed all the offending versions. The package was first uploaded on October 29, 2025, and has since accrued 31,398 weekly downloads. In total, it has been downloaded 47,405 times , according...
Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers

Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers

Nov 11, 2025 Cybercrime / Malware
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply, and delete incoming notifications. "It's a MaaS product with seller documentation, videos, and a bot-driven subscription model that helps novice attackers by providing a low barrier to entry," Zimperium researcher Vishnu Pratapagiri said in a report last week. "Because it targets financial workflows (fake windows for banks) and abuses the SMS handler role (for intercepting 2-factor SMS), it poses a direct threat to enterprise customers using BYOD and to any organization whose employees rely on mobile banking or sensitive mobile apps." The threat actor, in their...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources